1.1 ! misho 1: /* $NetBSD: isakmp.h,v 1.7 2009/05/20 07:54:50 vanhu Exp $ */
! 2:
! 3: /* Id: isakmp.h,v 1.11 2005/04/25 22:19:39 manubsd Exp */
! 4:
! 5: /*
! 6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
! 7: * All rights reserved.
! 8: *
! 9: * Redistribution and use in source and binary forms, with or without
! 10: * modification, are permitted provided that the following conditions
! 11: * are met:
! 12: * 1. Redistributions of source code must retain the above copyright
! 13: * notice, this list of conditions and the following disclaimer.
! 14: * 2. Redistributions in binary form must reproduce the above copyright
! 15: * notice, this list of conditions and the following disclaimer in the
! 16: * documentation and/or other materials provided with the distribution.
! 17: * 3. Neither the name of the project nor the names of its contributors
! 18: * may be used to endorse or promote products derived from this software
! 19: * without specific prior written permission.
! 20: *
! 21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 31: * SUCH DAMAGE.
! 32: */
! 33:
! 34: #ifndef _ISAKMP_H
! 35: #define _ISAKMP_H
! 36:
! 37: /* refer to RFC 2408 */
! 38:
! 39: #include <netinet/in.h>
! 40: #include "isakmp_var.h"
! 41:
/* Role of the local daemon in an exchange. */
#define INITIATOR 0 /* synonym sender */
#define RESPONDER 1 /* synonym receiver */

/* Mode selectors; by their names GENERATE builds a value and VALIDATE
 * checks a received one -- confirm against the call sites. */
#define GENERATE 1
#define VALIDATE 0
! 47:
/* 3.1 ISAKMP Header Format (RFC 2408)

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !                          Initiator                            !
 !                            Cookie                             !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !                          Responder                            !
 !                            Cookie                             !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !  Next Payload ! MjVer ! MnVer ! Exchange Type !     Flags     !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !                          Message ID                           !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !                            Length                             !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 * The struct is a packed on-the-wire overlay: it is meant to be cast
 * onto a received datagram, so no padding may be introduced and the
 * multi-octet fields are in network byte order (convert with
 * ntohl()/htonl() before arithmetic).  cookie_t is declared outside
 * this header (8 octets per the RFC).
 */
struct isakmp {
	cookie_t i_ck;		/* Initiator Cookie */
	cookie_t r_ck;		/* Responder Cookie */
	u_int8_t np;		/* Next Payload Type, ISAKMP_NPTYPE_* */
	u_int8_t v;		/* Version: major in the high nibble, minor in
				 * the low nibble, see ISAKMP_GETMAJORV() */
	u_int8_t etype;		/* Exchange Type, ISAKMP_ETYPE_* */
	u_int8_t flags;		/* Flags, ISAKMP_FLAG_* bits */
	u_int32_t msgid;	/* Message ID */
	u_int32_t len;		/* Length of the whole message in octets,
				 * header included.  Comes straight off the
				 * wire: check it against the number of bytes
				 * actually received before walking payloads. */
} __attribute__((__packed__));
! 74:
/* Next Payload Type (RFC 2408).  These values are read directly from
 * the Next Payload octet of the header and of every payload, so a
 * parser must treat them as untrusted and range-check before using
 * one as a table index. */
#define ISAKMP_NPTYPE_NONE 0 /* NONE*/
#define ISAKMP_NPTYPE_SA 1 /* Security Association */
#define ISAKMP_NPTYPE_P 2 /* Proposal */
#define ISAKMP_NPTYPE_T 3 /* Transform */
#define ISAKMP_NPTYPE_KE 4 /* Key Exchange */
#define ISAKMP_NPTYPE_ID 5 /* Identification */
#define ISAKMP_NPTYPE_CERT 6 /* Certificate */
#define ISAKMP_NPTYPE_CR 7 /* Certificate Request */
#define ISAKMP_NPTYPE_HASH 8 /* Hash */
#define ISAKMP_NPTYPE_SIG 9 /* Signature */
#define ISAKMP_NPTYPE_NONCE 10 /* Nonce */
#define ISAKMP_NPTYPE_N 11 /* Notification */
#define ISAKMP_NPTYPE_D 12 /* Delete */
#define ISAKMP_NPTYPE_VID 13 /* Vendor ID */
#define ISAKMP_NPTYPE_ATTR 14 /* Attribute */


/* NAT-T draft-ietf-ipsec-nat-t-ike-05 and later */
/* XXX conflicts with values assigned to RFC 3547 */
#define ISAKMP_NPTYPE_NATD_BADDRAFT 15 /* NAT Discovery */
#define ISAKMP_NPTYPE_NATOA_BADDRAFT 16 /* NAT Original Address */


/* NAT-T RFC */
#define ISAKMP_NPTYPE_NATD_RFC 20 /* NAT Discovery */
#define ISAKMP_NPTYPE_NATOA_RFC 21 /* NAT Original Address */

/* NAT-T up to draft-ietf-ipsec-nat-t-ike-04 */
#define ISAKMP_NPTYPE_NATD_DRAFT 130 /* NAT Discovery */
#define ISAKMP_NPTYPE_NATOA_DRAFT 131 /* NAT Original Address */

/* The fragmentation payload does not seem to be documented anywhere. */
#define ISAKMP_NPTYPE_FRAG 132 /* IKE fragmentation payload */

/* NOTE(review): 17 is one past the highest "bad draft" NAT-T value, but
 * several payload types defined above lie beyond it (20, 21, 129-132).
 * Any table sized by ISAKMP_NPTYPE_MAX and indexed by a received Next
 * Payload value must reject or remap those values first -- confirm
 * against every user of this constant. */
#define ISAKMP_NPTYPE_MAX 17
/* 128 - 255 Private Use */

/*
 * The following are valid when the Vendor ID is one of the
 * following:
 *
 *   MD5("A GSS-API Authentication Method for IKE")
 *   MD5("GSSAPI") (recognized by Windows 2000)
 *   MD5("MS NT5 ISAKMPOAKLEY") (sent by Windows 2000)
 *
 * See draft-ietf-ipsec-isakmp-gss-auth-06.txt.
 */
#define ISAKMP_NPTYPE_GSS 129 /* GSS token */
! 124:
/* Version octet handling: major version in the high nibble, minor
 * version in the low nibble (the MjVer/MnVer fields of the header). */
#define ISAKMP_MAJOR_VERSION 1
#define ISAKMP_MINOR_VERSION 0
#define ISAKMP_VERSION_NUMBER 0x10 /* major 1, minor 0, packed into one octet */
/* Extract the major version (high nibble) of version octet v. */
#define ISAKMP_GETMAJORV(v) (((v) & 0xf0) >> 4)
/* Store the low four bits of m as the major version of v, keeping the
 * minor nibble.  v is an lvalue that is evaluated twice: pass a plain
 * variable, never an expression with side effects. */
#define ISAKMP_SETMAJORV(v, m) ((v) = ((v) & 0x0f) | (((m) << 4) & 0xf0))
/* Extract the minor version (low nibble) of version octet v. */
#define ISAKMP_GETMINORV(v) ((v) & 0x0f)
/* Store the low four bits of m as the minor version of v, keeping the
 * major nibble.  Same double-evaluation caveat as ISAKMP_SETMAJORV(). */
#define ISAKMP_SETMINORV(v, m) ((v) = ((v) & 0xf0) | ((m) & 0x0f))
! 132:
/* Exchange Type, carried in the etype octet of struct isakmp. */
#define ISAKMP_ETYPE_NONE 0 /* NONE */
#define ISAKMP_ETYPE_BASE 1 /* Base */
#define ISAKMP_ETYPE_IDENT 2 /* Identity Protection */
#define ISAKMP_ETYPE_AUTH 3 /* Authentication Only */
#define ISAKMP_ETYPE_AGG 4 /* Aggressive */
#define ISAKMP_ETYPE_INFO 5 /* Informational */
#define ISAKMP_ETYPE_CFG 6 /* Mode config */
/* Additional Exchange Type (DOI-specific values, not from RFC 2408) */
#define ISAKMP_ETYPE_QUICK 32 /* Quick Mode */
#define ISAKMP_ETYPE_NEWGRP 33 /* New group Mode */
#define ISAKMP_ETYPE_ACKINFO 34 /* Acknowledged Informational */
! 145:
/* Flags octet of struct isakmp; the bits may be combined. */
#define ISAKMP_FLAG_E 0x01 /* Encryption Bit: payloads after the header are encrypted */
#define ISAKMP_FLAG_C 0x02 /* Commit Bit */
#define ISAKMP_FLAG_A 0x04 /* Authentication Only Bit */
! 150:
/* 3.2 Payload Generic Header

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !  Next Payload !   RESERVED    !         Payload Length        !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 * Every payload starts with this 4-octet header; the isakmp_pl_*
 * structs below embed it as their first member.  len is in network
 * byte order and is attacker-controlled: bound it by the remaining
 * message length before following it to the next payload.
 */
struct isakmp_gen {
	u_int8_t np;		/* Next Payload, ISAKMP_NPTYPE_* */
	u_int8_t reserved;	/* RESERVED, unused, must set to 0 */
	u_int16_t len;		/* Payload Length in octets, this header included */
} __attribute__((__packed__));
! 162:
/* 3.3 Data Attributes

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 !A!       Attribute Type        !    AF=0  Attribute Length     !
 !F!                             !    AF=1  Attribute Value      !
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 .                   AF=0  Attribute Value                       .
 .                   AF=1  Not Transmitted                       .
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 * Attribute header as transmitted (network byte order).  The meaning
 * of the second 16-bit word depends on the AF bit, which is the high
 * bit of `type` (ISAKMP_GEN_MASK).
 */
struct isakmp_data {
	u_int16_t type;		/* AF bit (0x8000) plus the 15-bit attribute
				 * type; the type values are defined by the DOI */
	u_int16_t lorv;		/* AF=0 (TLV): Attribute Length in octets of
				 * the value that follows this header --
				 * untrusted, bound it by the enclosing payload.
				 * AF=1 (TV): the Attribute Value itself,
				 * nothing follows. */
} __attribute__((__packed__));
/* Attribute Format, as the AF bit appears inside `type`. */
#define ISAKMP_GEN_TLV 0x0000 /* AF=0: type, length, variable-length value */
#define ISAKMP_GEN_TV 0x8000 /* AF=1: type, 16-bit value */
/* mask for type of attribute format */
#define ISAKMP_GEN_MASK 0x8000
! 183:
#if 0
/* Compiled out: the live definition of the SA payload is in ipsec-doi,
 * this copy is kept only for reference. */
/* 3.4 Security Association Payload */
struct isakmp_pl_sa {
	struct isakmp_gen h;
	u_int32_t doi;		/* Domain of Interpretation */
	u_int32_t sit;		/* Situation */
} __attribute__((__packed__));
#endif
! 193:
/* 3.5 Proposal Payload */
/*
 * The value of the next payload field MUST only contain the value "2"
 * or "0".  If there are additional Proposal payloads in the message,
 * then this field will be 2.  If the current Proposal payload is the
 * last within the security association proposal, then this field will
 * be 0.
 */
struct isakmp_pl_p {
	struct isakmp_gen h;	/* generic header; h.np is ISAKMP_NPTYPE_P or NONE */
	u_int8_t p_no;		/* Proposal # */
	u_int8_t proto_id;	/* Protocol */
	u_int8_t spi_size;	/* SPI Size: octets of SPI following this
				 * header; received value, check it against
				 * h.len before reading the SPI */
	u_int8_t num_t;		/* Number of Transforms that follow */
	/* SPI (spi_size octets, variable) */
} __attribute__((__packed__));
! 210:
/* 3.6 Transform Payload */
/*
 * The value of the next payload field MUST only contain the value "3"
 * or "0".  If there are additional Transform payloads in the proposal,
 * then this field will be 3.  If the current Transform payload is the
 * last within the proposal, then this field will be 0.
 */
struct isakmp_pl_t {
	struct isakmp_gen h;	/* generic header; h.np is ISAKMP_NPTYPE_T or NONE */
	u_int8_t t_no;		/* Transform # */
	u_int8_t t_id;		/* Transform-Id */
	u_int16_t reserved;	/* RESERVED2 */
	/* SA Attributes: a sequence of struct isakmp_data up to h.len */
} __attribute__((__packed__));
! 225:
/* 3.7 Key Exchange Payload: only the generic header is fixed, the
 * key exchange data runs from there to h.len. */
struct isakmp_pl_ke {
	struct isakmp_gen h;
	/* Key Exchange Data */
} __attribute__((__packed__));
! 231:
#if 0
/* NOTE: compiled out and MUST NOT be used; the definitions in
 * ipsec-doi are used instead. */
/* 3.8 Identification Payload */
struct isakmp_pl_id {
	struct isakmp_gen h;
	union {
		u_int8_t id_type;	/* ID Type */
		u_int32_t doi_data;	/* DOI Specific ID Data */
	} d;
	/* Identification Data */
} __attribute__((__packed__));
/* A.4 ISAKMP Identification Type Values */
#define ISAKMP_ID_IPV4_ADDR 0
#define ISAKMP_ID_IPV4_ADDR_SUBNET 1
#define ISAKMP_ID_IPV6_ADDR 2
#define ISAKMP_ID_IPV6_ADDR_SUBNET 3
#endif
! 249:
/* 3.9 Certificate Payload */
struct isakmp_pl_cert {
	struct isakmp_gen h;
	/*
	 * Encoding type of 1 octet (ISAKMP_CERT_*) follows immediately,
	 * variable length CERT data follows the encoding type.  Because
	 * only the generic header is fixed, h.len must be at least
	 * sizeof(struct isakmp_gen) + 1 before the encoding octet is read.
	 */
} __attribute__((__packed__));
! 258:
/* Certificate Type: the encoding octet of the Certificate payload and
 * the entries of the Certificate Request payload's type list. */
#define ISAKMP_CERT_NONE 0
#define ISAKMP_CERT_PKCS7 1
#define ISAKMP_CERT_PGP 2
#define ISAKMP_CERT_DNS 3
#define ISAKMP_CERT_X509SIGN 4
#define ISAKMP_CERT_X509KE 5
#define ISAKMP_CERT_KERBEROS 6
#define ISAKMP_CERT_CRL 7
#define ISAKMP_CERT_ARL 8
#define ISAKMP_CERT_SPKI 9
#define ISAKMP_CERT_X509ATTR 10
#define ISAKMP_CERT_PLAINRSA 11 /* not an RFC 2408 value; local extension */
! 272:
/* 3.10 Certificate Request Payload */
struct isakmp_pl_cr {
	struct isakmp_gen h;
	u_int8_t num_cert;	/* # Cert. Types: length of the list below;
				 * received value, bound it by h.len */
	/*
	 * Certificate Types (variable length)
	 * -- Contains a list of the types of certificates requested,
	 *    sorted in order of preference.  Each individual certificate
	 *    type is 1 octet (ISAKMP_CERT_*).  This field is NOT required.
	 */
	/* # Certificate Authorities (1 octet) */
	/* Certificate Authorities (variable length) */
} __attribute__((__packed__));
! 286:
/* 3.11 Hash Payload: generic header followed by hash data up to h.len. */
struct isakmp_pl_hash {
	struct isakmp_gen h;
	/* Hash Data */
} __attribute__((__packed__));
! 292:
/* 3.12 Signature Payload: generic header followed by signature data
 * up to h.len. */
struct isakmp_pl_sig {
	struct isakmp_gen h;
	/* Signature Data */
} __attribute__((__packed__));
! 298:
/* 3.13 Nonce Payload: generic header followed by nonce data up to h.len. */
struct isakmp_pl_nonce {
	struct isakmp_gen h;
	/* Nonce Data */
} __attribute__((__packed__));
! 304:
/* 3.14 Notification Payload.  Fixed part only; SPI and notification
 * data follow and must be located using spi_size and h.len. */
struct isakmp_pl_n {
	struct isakmp_gen h;
	u_int32_t doi;		/* Domain of Interpretation */
	u_int8_t proto_id;	/* Protocol-ID */
	u_int8_t spi_size;	/* SPI Size in octets; received value,
				 * check it against h.len */
	u_int16_t type;		/* Notify Message Type, ISAKMP_NTYPE_* */
	/* SPI (spi_size octets) */
	/* Notification Data (remainder of the payload) */
} __attribute__((__packed__));
! 315:
/* 3.14.1 Notify Message Types, carried in isakmp_pl_n.type (16 bits). */
/* NOTIFY MESSAGES - ERROR TYPES */
#define ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE 1
#define ISAKMP_NTYPE_DOI_NOT_SUPPORTED 2
#define ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED 3
#define ISAKMP_NTYPE_INVALID_COOKIE 4
#define ISAKMP_NTYPE_INVALID_MAJOR_VERSION 5
#define ISAKMP_NTYPE_INVALID_MINOR_VERSION 6
#define ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE 7
#define ISAKMP_NTYPE_INVALID_FLAGS 8
#define ISAKMP_NTYPE_INVALID_MESSAGE_ID 9
#define ISAKMP_NTYPE_INVALID_PROTOCOL_ID 10
#define ISAKMP_NTYPE_INVALID_SPI 11
#define ISAKMP_NTYPE_INVALID_TRANSFORM_ID 12
#define ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13
#define ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN 14
#define ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX 15
#define ISAKMP_NTYPE_PAYLOAD_MALFORMED 16
#define ISAKMP_NTYPE_INVALID_KEY_INFORMATION 17
#define ISAKMP_NTYPE_INVALID_ID_INFORMATION 18
#define ISAKMP_NTYPE_INVALID_CERT_ENCODING 19
#define ISAKMP_NTYPE_INVALID_CERTIFICATE 20
#define ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX 21
#define ISAKMP_NTYPE_INVALID_CERT_AUTHORITY 22
#define ISAKMP_NTYPE_INVALID_HASH_INFORMATION 23
#define ISAKMP_NTYPE_AUTHENTICATION_FAILED 24
#define ISAKMP_NTYPE_INVALID_SIGNATURE 25
#define ISAKMP_NTYPE_ADDRESS_NOTIFICATION 26
#define ISAKMP_NTYPE_NOTIFY_SA_LIFETIME 27
#define ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE 28
#define ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE 29
#define ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS 30
/* Inclusive bounds of the error range: 1 .. 0x3fff. */
#define ISAKMP_NTYPE_MINERROR 1
#define ISAKMP_NTYPE_MAXERROR 16383
/* NOTIFY MESSAGES - STATUS TYPES (16384 = 0x4000 and up) */
#define ISAKMP_NTYPE_CONNECTED 16384
/* 4.6.3 IPSEC DOI Notify Message Types */
#define ISAKMP_NTYPE_RESPONDER_LIFETIME 24576
#define ISAKMP_NTYPE_REPLAY_STATUS 24577
#define ISAKMP_NTYPE_INITIAL_CONTACT 24578

/* DPD (dead peer detection) status types */
#define ISAKMP_NTYPE_R_U_THERE 36136
#define ISAKMP_NTYPE_R_U_THERE_ACK 36137

#define ISAKMP_NTYPE_HEARTBEAT 40503

/* Used only for logging; never sent on the wire. */
#define ISAKMP_LOG_RETRY_LIMIT_REACHED 65530

/* XXX means internal error but it's not reserved by any drafts...
 * Negative, so it cannot appear in the 16-bit type field; it is an
 * in-process sentinel only. */
#define ISAKMP_INTERNAL_ERROR -1
! 368:
/* 3.15 Delete Payload.  Fixed part only; num_spi SPIs of spi_size
 * octets each follow, so num_spi * spi_size must fit inside h.len. */
struct isakmp_pl_d {
	struct isakmp_gen h;
	u_int32_t doi;		/* Domain of Interpretation */
	u_int8_t proto_id;	/* Protocol-Id */
	u_int8_t spi_size;	/* SPI Size in octets */
	u_int16_t num_spi;	/* # of SPIs that follow */
	/* SPI(es) */
} __attribute__((__packed__));
! 378:
/* In-memory doubly-linked list of payloads; presumably used while a
 * message is assembled -- confirm at the call sites.  Not a wire
 * structure, hence not packed. */
struct payload_list {
	struct payload_list *next, *prev;	/* neighbouring nodes */
	vchar_t *payload;			/* payload bytes; vchar_t is
						 * declared outside this header */
	u_int8_t payload_type;			/* ISAKMP_NPTYPE_* of payload */
	u_int8_t free_payload;			/* by its name, non-zero means the
						 * list owns `payload` and frees
						 * it -- confirm at the free site */
};
! 385:
! 386:
/* See draft-ietf-ipsec-isakmp-mode-cfg-04.txt, 3.2
 * Mode-config Attribute payload: fixed part only, a sequence of
 * struct isakmp_data follows up to h.len. */
struct isakmp_pl_attr {
	struct isakmp_gen h;
	u_int8_t type;		/* Exchange type, ISAKMP_CFG_* */
	u_int8_t res2;		/* reserved */
	u_int16_t id;		/* Per transaction id */
} __attribute__((__packed__));
! 394:
/* Exchange type of the mode-config Attribute payload (isakmp_pl_attr.type). */
#define ISAKMP_CFG_REQUEST 1
#define ISAKMP_CFG_REPLY 2
#define ISAKMP_CFG_SET 3
#define ISAKMP_CFG_ACK 4
! 400:
/* IKE fragmentation payload (ISAKMP_NPTYPE_FRAG).  Note that this
 * does NOT start with struct isakmp_gen; the first four octets are
 * laid out differently from every other payload here.  len and index
 * are received values: reassembly must bound len by the datagram and
 * treat index as untrusted. */
struct isakmp_frag {
	u_int16_t unknown0;	/* always set to zero? */
	u_int16_t len;		/* fragment length */
	u_int16_t unknown1;	/* always set to 1? */
	u_int8_t index;		/* fragment number */
	u_int8_t flags;		/* ISAKMP_FRAG_* bits */
} __attribute__((__packed__));
! 409:
/* flags of struct isakmp_frag */
#define ISAKMP_FRAG_LAST 1 /* this is the last fragment of the message */
! 412:
/* DPD R-U-THERE / R-U-THERE-ACK Payload: a Notification payload
 * (same leading fields as struct isakmp_pl_n) whose SPI is the pair
 * of phase 1 cookies and whose data is a 32-bit sequence value. */
struct isakmp_pl_ru {
	struct isakmp_gen h;
	u_int32_t doi;		/* Domain of Interpretation */
	u_int8_t proto_id;	/* Protocol-Id */
	u_int8_t spi_size;	/* SPI Size; expected to cover i_ck + r_ck */
	u_int16_t type;		/* Notify type: ISAKMP_NTYPE_R_U_THERE or
				 * ISAKMP_NTYPE_R_U_THERE_ACK */
	cookie_t i_ck;		/* Initiator Cookie */
	cookie_t r_ck;		/* Responder cookie */
	u_int32_t data;		/* Notification data (DPD sequence number) */
} __attribute__((__packed__));
! 424:
! 425: #endif /* _ISAKMP_H */